diff --git a/coursework-blog/step-10/admin.php b/coursework-blog/step-10/admin.php
new file mode 100644
index 0000000000000000000000000000000000000000..91f6afddc026b5755a13e17b0c75368c563d23bf
--- /dev/null
+++ b/coursework-blog/step-10/admin.php
@@ -0,0 +1,30 @@
+<?php
+error_reporting( E_ALL );
+ini_set( "display_errors", 1 );
+
+include_once "../../../coursework_blog_config.php";
+$db = new PDO( $dbInfo, $dbUser, $dbPassword );
+$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
+
+$title = "PHP/MySQL blog demo";
+$css="css/blog.css";
+$embeddedStyle = "";
+
+include_once "views/header.php";
+include_once "views/admin/admin-navigation.php";
+
+$navigation = isset( $_GET['page'] );
+if ( $navigation ) {
+ //prepare to load corresponding controller
+ $contrl = $_GET['page'];
+} else {
+ //or prepare to load default controller
+ $contrl = "entries";
+}
+//load the controller
+include_once "controllers/admin/$contrl.php";
+
+include_once "views/footer.php";
+
+?>
+
diff --git a/coursework-blog/step-10/controllers/admin/editor.php b/coursework-blog/step-10/controllers/admin/editor.php
new file mode 100644
index 0000000000000000000000000000000000000000..bb87c09f4d1097e94677207ef423d14c82243b41
--- /dev/null
+++ b/coursework-blog/step-10/controllers/admin/editor.php
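Review bot: `$contrl = $_GET['page']` is spliced straight into `include_once "controllers/admin/$contrl.php"` on the line after the if/else, so the file that gets included is chosen by an unvalidated query parameter. Restricting it to the three controllers the navigation links to is a two-line change: `$allowed = array( 'entries', 'editor', 'users' );` and `$contrl = in_array( $_GET['page'], $allowed, true ) ? $_GET['page'] : 'entries';` in place of the if/else. step-11/admin.php in this commit dispatches the same way.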
@@ -0,0 +1,52 @@
+<?php
+
+include_once "models/Table.class.php";
+include_once "models/Blog_Entry_Table.class.php";
+$entryTable = new Blog_Entry_Table( $db );
+
+//was editor form submitted?
+$editorSubmitted = isset( $_POST['action'] );
+if ( $editorSubmitted ) {
+ $buttonClicked = $_POST['action'];
+ $id = $_POST['id'];
+ $save = ($buttonClicked === 'save');
+ $insertNewEntry = ( $save and $id === '0' );
+ $updateEntry = ( $save and $insertNewEntry === false );
+ $deleteEntry = ($buttonClicked === 'delete');
+
+ $title = $_POST['title'];
+ $entry = $_POST['entry'];
+
+ if ( $insertNewEntry ) {
+ $savedEntryId = $entryTable->saveEntry( $title, $entry );
+ } else if ( $updateEntry ){
+ $entryTable->updateEntry( $id, $title, $entry );
+ $savedEntryId = $id;
+ } else if ( $deleteEntry ) {
+ $entryTable->deleteEntry( $id );
+ }
+}
+
+$entryRequested = isset( $_GET['id'] );
+$entrySaved = isset( $savedEntryId );
+
+if ( $entryRequested ) {
+ $id = $_GET['id'];
+ $entryData = $entryTable->getEntry( $id );
+ $entryData->entry_id = $id;
+ $entryData->message = "";
+} else if ( $entrySaved ) {
+ $entryData = $entryTable->getEntry( $savedEntryId );
+ $entryData->message = "Entry was saved";
+} else {
+ $entryData = new StdClass();
+ $entryData->entry_id = 0;
+ $entryData->title = "";
+ $entryData->entry_text = "";
+ $entryData->message = "";
+}
+
+
+include_once "views/admin/editor-html.php";
+
+?>
diff --git a/coursework-blog/step-10/controllers/admin/entries.php b/coursework-blog/step-10/controllers/admin/entries.php
new file mode 100644
index 0000000000000000000000000000000000000000..921d4945477d1b8f9120593603abbb64a9dd19a5
--- /dev/null
+++ b/coursework-blog/step-10/controllers/admin/entries.php
@@ -0,0 +1,11 @@
+<?
+
+include_once "models/Table.class.php";
+include_once "models/Blog_Entry_Table.class.php";
+$entryTable = new Blog_Entry_Table( $db );
+$allEntries = $entryTable->getAllEntries();
+
+include_once "views/admin/entries-html.php";
+
+
+?>
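Review bot: `$entryData = $entryTable->getEntry( $id );` is followed by `$entryData->entry_id = $id;` with no check, and `Blog_Entry_Table::getEntry` returns whatever `fetchObject()` returns, which is `false` when no row matches, so an unknown id ends in a property write on a boolean. Guard that branch, e.g. `if ( $entryData === false ) { trigger_error( "no entry with id $id", E_USER_ERROR ); }`, or fall through to the empty-form branch below it. controllers/blog.php has the same unchecked `getEntry` result before it includes entry-html.php, and the step-11 copies of both controllers repeat it.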
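Review bot: The file opens with `<?` rather than `<?php`; the short open tag depends on the `short_open_tag` ini setting, which is off in the stock php.ini-production, and with it off the file's source is sent to the browser as text instead of being executed. Change the first line to `<?php`. The same opening tag is used in controllers/blog.php, models/Admin_Table.class.php, step-11/controllers/admin/login.php and step-11/views/admin/login-form-html.php, while the rest of the commit uses `<?php`.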
diff --git a/coursework-blog/step-10/controllers/admin/users.php b/coursework-blog/step-10/controllers/admin/users.php
new file mode 100644
index 0000000000000000000000000000000000000000..29516cf1844145610a682e807488ac0b969148a7
--- /dev/null
+++ b/coursework-blog/step-10/controllers/admin/users.php
@@ -0,0 +1,21 @@
+<?php
+include_once "models/Table.class.php";
+include_once "models/Admin_Table.class.php";
+
+$createNewAdmin = isset( $_POST['new-admin'] );
+
+if( $createNewAdmin ) {
+
+ $newEmail = $_POST['email'];
+ $newPassword = $_POST['password'];
+ $adminTable = new Admin_Table($db);
+
+ try {
+ $adminTable->create( $newEmail, $newPassword );
+ $adminFormMessage = "New user created";
+ } catch ( Exception $e ) {
+ $adminFormMessage = $e->getMessage();
+ }
+}
+
+include_once "views/admin/new-admin-form-html.php";
diff --git a/coursework-blog/step-10/controllers/blog.php b/coursework-blog/step-10/controllers/blog.php
new file mode 100644
index 0000000000000000000000000000000000000000..c675c8fc0f6da2223d57892b16396ae05a5001cd
--- /dev/null
+++ b/coursework-blog/step-10/controllers/blog.php
@@ -0,0 +1,17 @@
+<?
+include_once "models/Table.class.php";
+include_once "models/Blog_Entry_Table.class.php";
+$entryTable = new Blog_Entry_Table( $db );
+
+
+$entryClicked = isset( $_GET['id'] );
+if ($entryClicked ) {
+ $entryId = $_GET['id'];
+ $entryData = $entryTable->getEntry( $entryId );
+// print_r($entryData);
+ include_once "views/entry-html.php";
+} else {
+ $entries = $entryTable->getallentries();
+ include_once "views/list-entries-html.php";
+}
+?>
diff --git a/coursework-blog/step-10/coursework-blog.sql b/coursework-blog/step-10/coursework-blog.sql
new file mode 100644
index 0000000000000000000000000000000000000000..d9006b2c318c93f769f3be69fa408e58f73731f7
--- /dev/null
+++ b/coursework-blog/step-10/coursework-blog.sql
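Review bot: `$adminFormMessage = $e->getMessage();` hands the exception text to the view, and the duplicate-email exception raised by `Admin_Table::checkEmail` embeds the submitted address (`Error: '$email' already used!`), so new-admin-form-html.php prints request input into the page unencoded. Escape it where it is assigned, `$adminFormMessage = htmlspecialchars( $e->getMessage(), ENT_QUOTES, 'UTF-8' );`, or have the view escape `$adminFormMessage` itself. `$_POST['email']` and `$_POST['password']` are also read without `isset`, so a request carrying only `new-admin` raises undefined-index notices that `display_errors` puts on the page; the step-11 copy of this controller is identical.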
@@ -0,0 +1,16 @@
+-- this will create a table for blog entries
+CREATE TABLE blog_entry (
+ entry_id INT NOT NULL AUTO_INCREMENT,
+ title VARCHAR( 150 ),
+ entry_text TEXT,
+ date_created TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+ PRIMARY KEY ( entry_id )
+)
+
+-- this will create a table for admin users
+CREATE TABLE admin (
+ admin_id INT NOT NULL AUTO_INCREMENT,
+ email TEXT,
+ password VARCHAR( 32 ),
+ PRIMARY KEY ( admin_id )
+)
diff --git a/coursework-blog/step-10/css/blog.css b/coursework-blog/step-10/css/blog.css
new file mode 100644
index 0000000000000000000000000000000000000000..c1b6d0670a8fd4ef1d0b8d9b856a04639d5d583e
--- /dev/null
+++ b/coursework-blog/step-10/css/blog.css
@@ -0,0 +1,24 @@
+/* code listing for blog/css/blog.css */
+form#editor{
+ width: 300px;
+ margin:0px;
+ padding:0px;
+}
+
+form#editor label, form#editor input[type='text']{
+ display:block;
+}
+
+form#editor #editor-buttons{
+ border:none;
+ text-align:right;
+}
+
+form#editor textarea, form#editor input[type='text']{
+ width:90%;
+ margin-bottom:2em;
+}
+
+form#editor textarea{
+ height:10em;
+}
diff --git a/coursework-blog/step-10/index.php b/coursework-blog/step-10/index.php
new file mode 100644
index 0000000000000000000000000000000000000000..d15e46128c23bde74a1f5f5130449f4f805659a7
--- /dev/null
+++ b/coursework-blog/step-10/index.php
@@ -0,0 +1,19 @@
+<?php
+error_reporting( E_ALL );
+ini_set( "display_errors", 1 );
+
+include_once "../../../coursework_blog_config.php";
+$db = new PDO( $dbInfo, $dbUser, $dbPassword );
+$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
+
+$title = "PHP/MySQL blog demo";
+$css="css/blog.css";
+$embeddedStyle = "";
+include_once "views/header.php";
+
+include_once "controllers/blog.php";
+
+include_once "views/footer.php";
+
+?>
+
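Review bot: `password VARCHAR( 32 )` on the admin table cannot hold what models/Admin_Table.class.php stores in it: `SHA1(?)` yields a 40-character hex string, so in MySQL strict mode the INSERT fails and in non-strict mode the value is silently truncated, after which step-11's `checkCredentials` comparison never matches. Widen the column, and if the model moves to `password_hash()` use `password VARCHAR( 255 )`. The two `CREATE TABLE` statements also lack terminating semicolons, so the script cannot be run as one batch. step-11/coursework-blog.sql is identical.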
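Review bot: `ini_set( "display_errors", 1 )` together with `error_reporting( E_ALL )` renders every notice and every uncaught PDOException, DSN and stack trace included, into the page for any visitor of the public front page; that is convenient while developing but should not be the committed default. Suggest `ini_set( 'display_errors', 0 ); ini_set( 'log_errors', 1 );` here, leaving the verbose setting to a local config. admin.php in both step-10 and step-11 and step-11/index.php carry the same two lines.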
diff --git a/coursework-blog/step-10/models/Admin_Table.class.php b/coursework-blog/step-10/models/Admin_Table.class.php
new file mode 100644
index 0000000000000000000000000000000000000000..dd52931c75a0a78e24a4825f9eed59bd35884511
--- /dev/null
+++ b/coursework-blog/step-10/models/Admin_Table.class.php
@@ -0,0 +1,25 @@
+<?
+
+class Admin_Table extends Table {
+
+ public function create ( $email, $password ) {
+ //check if e-mail is available
+ $this->checkEmail( $email );
+ //encrypt password with MD5
+ $sql = "INSERT INTO admin ( email, password )
+ VALUES( ?, SHA1(?) )";
+ $data= array( $email, $password );
+ $this->makeStatement( $sql, $data );
+ }
+
+ private function checkEmail ($email) {
+ $sql = "SELECT email FROM admin WHERE email = ?";
+ $data = array( $email );
+ $this->makeStatement( $sql, $data );
+ $statement = $this->makeStatement( $sql, $data );
+ if ( $statement->rowCount() === 1 ) {
+ $e = new Exception("Error: '$email' already used!");
+ throw $e;
+ }
+ }
+}
diff --git a/coursework-blog/step-10/models/Blog_Entry_Table.class.php b/coursework-blog/step-10/models/Blog_Entry_Table.class.php
new file mode 100644
index 0000000000000000000000000000000000000000..9a6c81a1ecb26e5d5f7e420233735eea307fd271
--- /dev/null
+++ b/coursework-blog/step-10/models/Blog_Entry_Table.class.php
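Review bot: `checkEmail` runs the same query twice: the bare `$this->makeStatement( $sql, $data );` on the line before `$statement = $this->makeStatement( $sql, $data );` discards its result and should be deleted. In `create`, the comment `//encrypt password with MD5` does not match the `SHA1(?)` in the SQL, and neither is a password hash: an unsalted fast digest gives no protection to the stored credentials if the table is ever exposed. Hash in PHP instead, `VALUES( ?, ? )` with `$data = array( $email, password_hash( $password, PASSWORD_DEFAULT ) );`, which also makes the comment true. `rowCount()` after a SELECT is driver-dependent; `fetchColumn() !== false` is the portable check.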
@@ -0,0 +1,45 @@
+<?php
+class Blog_Entry_Table extends Table {
+
+
+ public function saveEntry ( $title, $entry ) {
+ $entrySQL = "INSERT INTO blog_entry ( title, entry_text ) VALUES ( ?, ?)";
+ $formData = array( $title, $entry );
+ $entryStatement = $this->makeStatement( $entrySQL, $formData );
+ return $this->db->lastInsertId();
+ }
+
+ public function getAllEntries () {
+ $sql = "SELECT entry_id, title, SUBSTRING(entry_text, 1, 150) AS intro FROM blog_entry";
+ $statement = $this->makeStatement($sql);
+ return $statement;
+ }
+
+
+ public function getEntry( $id ){
+ $sql = "SELECT entry_id, title, entry_text, date_created FROM blog_entry WHERE entry_id = ?";
+ $data = array($id);
+ $statement = $this->makeStatement( $sql, $data);
+ $model = $statement->fetchObject();
+ return $model;
+ }
+
+ public function updateEntry ( $id, $title, $entry) {
+ $sql = "UPDATE blog_entry
+ SET title = ?,
+ entry_text = ?
+ WHERE entry_id = ?";
+ $data = array( $title, $entry, $id );
+ $statement = $this->makeStatement( $sql, $data) ;
+ return $statement;
+ }
+
+ public function deleteEntry ( $id ) {
+ $sql = "DELETE FROM blog_entry WHERE entry_id = ?";
+ $data = array( $id );
+ $statement = $this->makeStatement( $sql, $data );
+ }
+
+}
+
+?>
diff --git a/coursework-blog/step-10/models/Table.class.php b/coursework-blog/step-10/models/Table.class.php
new file mode 100644
index 0000000000000000000000000000000000000000..0f5eaf1cd18b5e778762ae34c234a716c7f5f0b4
--- /dev/null
+++ b/coursework-blog/step-10/models/Table.class.php
@@ -0,0 +1,22 @@
+<?php
+class Table {
+ protected $db;
+
+
+ public function __construct ( $db ) {
+ $this->db = $db;
+ }
+
+ public function makeStatement( $sql, $data = NULL) {
+ $statement = $this->db->prepare( $sql );
+ try{
+ $statement->execute( $data );
+ } catch (Exception $e) {
+ $exceptionMessage = "<p>You tried to run this sql: $sql <p>
+ <p>Exception: $e</p>";
+ trigger_error($exceptionMessage);
+ }
+ return $statement;
+ }
+
+}
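Review bot: `getEntry` returns `$statement->fetchObject()` unchanged, which is `false` when no row matches, and nothing in the class says so; both callers in this commit (controllers/admin/editor.php and controllers/blog.php) dereference the result without checking. Add `/** @return object|false  false when no entry has this id */` above `getEntry`. `$entryStatement` in `saveEntry` and `$statement` in `deleteEntry` are assigned and never read, and `updateEntry` returns the statement while `deleteEntry` returns nothing, so the two mutators should agree on a return convention. The step-11 copy of this file is identical.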
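Review bot: `makeStatement` catches the `execute()` exception, reports it through `trigger_error` (E_USER_NOTICE) with the full SQL and exception text, and then returns the failed statement, so callers such as `checkEmail` go on to call `rowCount()` on a statement that never ran. With `display_errors` on in both entry points, that notice also prints the query and stack trace into the page. Prefer `error_log( "query failed: $sql" ); throw $e;` in the catch, or drop the try/catch and let the `PDO::ERRMODE_EXCEPTION` set in admin.php and index.php surface the failure to the caller.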
diff --git a/coursework-blog/step-10/views/admin/admin-navigation.php b/coursework-blog/step-10/views/admin/admin-navigation.php
new file mode 100644
index 0000000000000000000000000000000000000000..05a639ed7217f7d8aff2dd315526441cc5f180fa
--- /dev/null
+++ b/coursework-blog/step-10/views/admin/admin-navigation.php
@@ -0,0 +1,12 @@
+<?php
+
+$out = "
+<nav id='admin-navigation'>
+ <a href='admin.php?page=entries'>All entries</a>
+ <a href='admin.php?page=editor'>Editor</a>
+ <a href='admin.php?page=users'>Create admin user</a>
+</nav>";
+
+echo $out;
+
+?>
diff --git a/coursework-blog/step-10/views/admin/editor-html.php b/coursework-blog/step-10/views/admin/editor-html.php
new file mode 100644
index 0000000000000000000000000000000000000000..e614941c7cfbf37d4cf009076dcf31cc2c3eaffb
--- /dev/null
+++ b/coursework-blog/step-10/views/admin/editor-html.php
@@ -0,0 +1,25 @@
+<?php
+
+$out = "
+<form method='post' action='admin.php?page=editor' id='editor'>
+ <input type='hidden' name='id' value='$entryData->entry_id' />
+ <fieldset>
+ <legend>New Entry Submission</legend>
+ <label>Title</label>
+ <input type='text' name='title' maxlength='150' value='$entryData->title' required />
+
+ <label>Entry</label>
+ <textarea name='entry'>$entryData->entry_text</textarea>
+
+ <fieldset id='editor-buttons'>
+ <input type='submit' name='action' value='delete' />
+ <input type='submit' name='action' value='save' />
+ <p id='editor-message'>$entryData->message</p>
+ </fieldset>
+ </fieldset>
+</form>
+";
+
+echo $out;
+
+?>
diff --git a/coursework-blog/step-10/views/admin/entries-html.php b/coursework-blog/step-10/views/admin/entries-html.php
new file mode 100644
index 0000000000000000000000000000000000000000..2097a76b3afa1ec464ca5dccfc984d5ad63cfafe
--- /dev/null
+++ b/coursework-blog/step-10/views/admin/entries-html.php
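Review bot: `$entryData->entry_id`, `$entryData->title`, `$entryData->entry_text` and `$entryData->message` are interpolated into attribute and element content without escaping; `entry_id` is assigned straight from `$_GET['id']` in controllers/admin/editor.php and the other fields come back from the database, so the form reflects request and stored content into the page unencoded. Escape each value as it is inserted, e.g. `value='" . htmlspecialchars( $entryData->title, ENT_QUOTES, 'UTF-8' ) . "'`, and do the same for `$entry->title` in views/admin/entries-html.php, `$entry->title` and `$entry->intro` in views/list-entries-html.php and `$entryData->title` in views/entry-html.php, plus their step-11 copies. `entry_text` is rendered as raw markup in entry-html.php, so decide explicitly whether it is trusted HTML or text and escape accordingly.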
@@ -0,0 +1,16 @@
+<?php
+
+if ( isset( $allEntries ) === false ) {
+trigger_error('views/admin/entries-html.php needs $allEntries');
+}
+
+$entriesAsHTML = "<ul>";
+while ( $entry = $allEntries->fetchObject() ) {
+ $href = "admin.php?page=editor&id=$entry->entry_id";
+ $entriesAsHTML .= "<li><a href='$href'>$entry->title</a></li>";
+}
+
+$entriesAsHTML .= "</ul>";
+echo $entriesAsHTML;
+
+?>
diff --git a/coursework-blog/step-10/views/admin/new-admin-form-html.php b/coursework-blog/step-10/views/admin/new-admin-form-html.php
new file mode 100644
index 0000000000000000000000000000000000000000..71cb6f288d9a00a702bde0fba7363da96d5efecb
--- /dev/null
+++ b/coursework-blog/step-10/views/admin/new-admin-form-html.php
@@ -0,0 +1,21 @@
+<?php
+//complete code for views/admin/new-admin-form-html.php
+if( isset($adminFormMessage) === false ) {
+ $adminFormMessage = "";
+}
+
+$out = "<form method='post' action='admin.php?page=users'>
+ <fieldset>
+ <legend>Create new admin user</legend>
+ <label>e-mail</label>
+ <input type='text' name='email' required/>
+ <label>password</label>
+ <input type='password' name='password' required/>
+ <input type='submit' value='create user' name='new-admin'/>
+ </fieldset>
+ <p id='admin-form-message'>$adminFormMessage</p>
+</form>";
+
+echo $out;
+
+
diff --git a/coursework-blog/step-10/views/entry-html.php b/coursework-blog/step-10/views/entry-html.php
new file mode 100644
index 0000000000000000000000000000000000000000..44c629f34b48ce2b432a58a5fe9c6b0fd8c83e80
--- /dev/null
+++ b/coursework-blog/step-10/views/entry-html.php
@@ -0,0 +1,14 @@
+<?php
+
+//check if required data is available
+$entryDataFound = isset( $entryData );
+if ( $entryDataFound === false ) {
+ trigger_error('views/entry-html.php needs an $entryData object');
+}
+//properties available in $entry: entry_id, title, entry_text, date_created
+
+echo "<article>
+ <h1>$entryData->title</h1>
+ <div class='date'>$entryData->date_created</div>
+ $entryData->entry_text
+</article>";
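Review bot: The `trigger_error(...)` guard does not stop the script: E_USER_NOTICE is the default level, so when `$allEntries` is missing execution continues to `$allEntries->fetchObject()` and fails there instead. Either `return;` after the notice, since `return` inside an included file ends the include, or raise with `trigger_error( 'views/admin/entries-html.php needs $allEntries', E_USER_ERROR )`. views/entry-html.php and views/list-entries-html.php use the same non-terminating guard. The `&` in `$href` should be written `&amp;` inside HTML.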
diff --git a/coursework-blog/step-10/views/footer.php b/coursework-blog/step-10/views/footer.php
new file mode 100644
index 0000000000000000000000000000000000000000..e7373f51428a6aa5ef1ffa5d974b7d30d633c526
--- /dev/null
+++ b/coursework-blog/step-10/views/footer.php
@@ -0,0 +1,8 @@
+<?php
+$out = "
+</body>
+</html>
+";
+
+echo $out;
+?>
diff --git a/coursework-blog/step-10/views/header.php b/coursework-blog/step-10/views/header.php
new file mode 100644
index 0000000000000000000000000000000000000000..4c5a94f334184fa5e665e83abf16d0407fc05c98
--- /dev/null
+++ b/coursework-blog/step-10/views/header.php
@@ -0,0 +1,12 @@
+<?php
+$out = "<!DOCTYPE html>
+<html>
+ <head>
+ <title>$title</title>
+ <meta http-equiv='Content-Type' content='text/html;charset=utf-8' />
+ <link rel='stylesheet' type='text/css' href='$css'>
+ <link rel='stylesheet' type='text/css' href='$embeddedStyle'>
+ </head>";
+
+echo $out;
+?>
diff --git a/coursework-blog/step-10/views/list-entries-html.php b/coursework-blog/step-10/views/list-entries-html.php
new file mode 100644
index 0000000000000000000000000000000000000000..f568bc89d29cae908caedf77b8d659b17599da94
--- /dev/null
+++ b/coursework-blog/step-10/views/list-entries-html.php
@@ -0,0 +1,24 @@
+<?php
+
+$entriesFound = isset( $entries );
+if ( $entriesFound === false ) {
+ trigger_error( 'views/list-entries-html.php needs $entries' );
+}
+
+$entriesHTML = "<ul id='blog-entries'>";
+
+while ( $entry = $entries->fetchObject() ) {
+ $href = "index.php?page=blog&id=$entry->entry_id";
+ //create an <li> for each of the entries
+ $entriesHTML .= "<li>
+ <h2>$entry->title</h2>
+ <div>$entry->intro
+ <p><a href='$href'>Read more</a></p>
+ </div>
+ </li>";
+}
+$entriesHTML .= "</ul>";
+
+echo $entriesHTML;
+
+?>
diff --git a/coursework-blog/step-11/admin.php b/coursework-blog/step-11/admin.php
new file mode 100644
index 0000000000000000000000000000000000000000..f538ad87186f155960d55a7b5332ea92aa405978
--- /dev/null
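Review bot: `<link rel='stylesheet' type='text/css' href='$embeddedStyle'>` is emitted with `$embeddedStyle = ""` from both admin.php and index.php, producing a `<link>` with an empty `href`; that is invalid HTML, and older browsers resolved an empty `href` to the page's own URL and fetched the page a second time as a stylesheet. Emit the tag only when there is something to link: `$styleLink = $embeddedStyle !== '' ? "<link rel='stylesheet' type='text/css' href='$embeddedStyle'>" : '';` and interpolate `$styleLink` in its place. The `<head>` is also left open here and no `<body>` tag is written anywhere in this commit, while footer.php closes `</body>`; the view should open what the footer closes. step-11/views/header.php is identical.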
+++ b/coursework-blog/step-11/admin.php
@@ -0,0 +1,36 @@
+<?php
+error_reporting( E_ALL );
+ini_set( "display_errors", 1 );
+
+include_once "../../../coursework_blog_config.php";
+$db = new PDO( $dbInfo, $dbUser, $dbPassword );
+$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
+
+$title = "PHP/MySQL blog demo";
+$css="css/blog.css";
+$embeddedStyle = "";
+
+include_once "views/header.php";
+
+include_once "models/Table.class.php";
+include_once "models/Admin_User.class.php";
+$admin = new Admin_User();
+
+include_once "controllers/admin/login.php";
+
+if( $admin->isLoggedIn() ) {
+ include_once "views/admin/admin-navigation.php";
+
+ $navigation = isset( $_GET['page'] );
+ if ( $navigation ) {
+ $contrl = $_GET['page'];
+ } else {
+ $contrl = "entries";
+ }
+ include_once "controllers/admin/$contrl.php";
+ include_once "views/admin/logout-form-html.php";
+}
+include_once "views/footer.php";
+
+?>
+
diff --git a/coursework-blog/step-11/controllers/admin/editor.php b/coursework-blog/step-11/controllers/admin/editor.php
new file mode 100644
index 0000000000000000000000000000000000000000..bb87c09f4d1097e94677207ef423d14c82243b41
--- /dev/null
+++ b/coursework-blog/step-11/controllers/admin/editor.php
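Review bot: `$admin = new Admin_User();` calls `session_start()` in its constructor, but it runs after `include_once "views/header.php";` has already echoed the document head, so unless output buffering is enabled in php.ini the session cookie cannot be sent (headers already sent) and `isLoggedIn()` is false on every request. Move the two model includes and `$admin = new Admin_User();` above the `views/header.php` include, and for the same reason keep `controllers/admin/login.php` there too so its `login()`/`logout()` run before any output. The controller is also still chosen by the raw `$_GET['page']` in `include_once "controllers/admin/$contrl.php"`, now behind the login check but otherwise unvalidated.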
@@ -0,0 +1,52 @@
+<?php
+
+include_once "models/Table.class.php";
+include_once "models/Blog_Entry_Table.class.php";
+$entryTable = new Blog_Entry_Table( $db );
+
+//was editor form submitted?
+$editorSubmitted = isset( $_POST['action'] );
+if ( $editorSubmitted ) {
+ $buttonClicked = $_POST['action'];
+ $id = $_POST['id'];
+ $save = ($buttonClicked === 'save');
+ $insertNewEntry = ( $save and $id === '0' );
+ $updateEntry = ( $save and $insertNewEntry === false );
+ $deleteEntry = ($buttonClicked === 'delete');
+
+ $title = $_POST['title'];
+ $entry = $_POST['entry'];
+
+ if ( $insertNewEntry ) {
+ $savedEntryId = $entryTable->saveEntry( $title, $entry );
+ } else if ( $updateEntry ){
+ $entryTable->updateEntry( $id, $title, $entry );
+ $savedEntryId = $id;
+ } else if ( $deleteEntry ) {
+ $entryTable->deleteEntry( $id );
+ }
+}
+
+$entryRequested = isset( $_GET['id'] );
+$entrySaved = isset( $savedEntryId );
+
+if ( $entryRequested ) {
+ $id = $_GET['id'];
+ $entryData = $entryTable->getEntry( $id );
+ $entryData->entry_id = $id;
+ $entryData->message = "";
+} else if ( $entrySaved ) {
+ $entryData = $entryTable->getEntry( $savedEntryId );
+ $entryData->message = "Entry was saved";
+} else {
+ $entryData = new StdClass();
+ $entryData->entry_id = 0;
+ $entryData->title = "";
+ $entryData->entry_text = "";
+ $entryData->message = "";
+}
+
+
+include_once "views/admin/editor-html.php";
+
+?>
diff --git a/coursework-blog/step-11/controllers/admin/entries.php b/coursework-blog/step-11/controllers/admin/entries.php
new file mode 100644
index 0000000000000000000000000000000000000000..921d4945477d1b8f9120593603abbb64a9dd19a5
--- /dev/null
+++ b/coursework-blog/step-11/controllers/admin/entries.php
@@ -0,0 +1,11 @@
+<?
+
+include_once "models/Table.class.php";
+include_once "models/Blog_Entry_Table.class.php";
+$entryTable = new Blog_Entry_Table( $db );
+$allEntries = $entryTable->getAllEntries();
+
+include_once "views/admin/entries-html.php";
+
+
+?>
diff --git a/coursework-blog/step-11/controllers/admin/login.php b/coursework-blog/step-11/controllers/admin/login.php
new file mode 100644
index 0000000000000000000000000000000000000000..83a7aba705c5e1ba0ba0f8b5e70c2826574a21d1
--- /dev/null
+++ b/coursework-blog/step-11/controllers/admin/login.php
@@ -0,0 +1,26 @@
+<?
+include_once "models/Admin_Table.class.php";
+
+$loginFormSubmitted = isset( $_POST['log-in'] );
+if( $loginFormSubmitted ) {
+ $email = $_POST['email'];
+ $password = $_POST['password'];
+
+ $adminTable = new Admin_Table( $db );
+ try {
+ $adminTable->checkCredentials( $email, $password );
+ $admin->login();
+ } catch ( Exception $e ) {
+ echo $e->getMessage();
+ }
+
+}
+
+$loggingOut = isset ( $_POST['logout'] );
+if ( $loggingOut ){
+ $admin->logout();
+}
+
+if (!$admin->isLoggedIn() ) {
+ include_once "views/admin/login-form-html.php";
+}
diff --git a/coursework-blog/step-11/controllers/admin/users.php b/coursework-blog/step-11/controllers/admin/users.php
new file mode 100644
index 0000000000000000000000000000000000000000..29516cf1844145610a682e807488ac0b969148a7
--- /dev/null
+++ b/coursework-blog/step-11/controllers/admin/users.php
@@ -0,0 +1,21 @@
+<?php
+include_once "models/Table.class.php";
+include_once "models/Admin_Table.class.php";
+
+$createNewAdmin = isset( $_POST['new-admin'] );
+
+if( $createNewAdmin ) {
+
+ $newEmail = $_POST['email'];
+ $newPassword = $_POST['password'];
+ $adminTable = new Admin_Table($db);
+
+ try {
+ $adminTable->create( $newEmail, $newPassword );
+ $adminFormMessage = "New user created";
+ } catch ( Exception $e ) {
+ $adminFormMessage = $e->getMessage();
+ }
+}
+
+include_once "views/admin/new-admin-form-html.php";
diff --git a/coursework-blog/step-11/controllers/blog.php b/coursework-blog/step-11/controllers/blog.php
new file mode 100644
index 0000000000000000000000000000000000000000..c675c8fc0f6da2223d57892b16396ae05a5001cd
--- /dev/null
+++ b/coursework-blog/step-11/controllers/blog.php
@@ -0,0 +1,17 @@
+<?
+include_once "models/Table.class.php";
+include_once "models/Blog_Entry_Table.class.php";
+$entryTable = new Blog_Entry_Table( $db );
+
+
+$entryClicked = isset( $_GET['id'] );
+if ($entryClicked ) {
+ $entryId = $_GET['id'];
+ $entryData = $entryTable->getEntry( $entryId );
+// print_r($entryData);
+ include_once "views/entry-html.php";
+} else {
+ $entries = $entryTable->getallentries();
+ include_once "views/list-entries-html.php";
+}
+?>
diff --git a/coursework-blog/step-11/coursework-blog.sql b/coursework-blog/step-11/coursework-blog.sql
new file mode 100644
index 0000000000000000000000000000000000000000..d9006b2c318c93f769f3be69fa408e58f73731f7
--- /dev/null
+++ b/coursework-blog/step-11/coursework-blog.sql
@@ -0,0 +1,16 @@
+-- this will create a table for blog entries
+CREATE TABLE blog_entry (
+ entry_id INT NOT NULL AUTO_INCREMENT,
+ title VARCHAR( 150 ),
+ entry_text TEXT,
+ date_created TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+ PRIMARY KEY ( entry_id )
+)
+
+-- this will create a table for admin users
+CREATE TABLE admin (
+ admin_id INT NOT NULL AUTO_INCREMENT,
+ email TEXT,
+ password VARCHAR( 32 ),
+ PRIMARY KEY ( admin_id )
+)
diff --git a/coursework-blog/step-11/css/blog.css b/coursework-blog/step-11/css/blog.css
new file mode 100644
index 0000000000000000000000000000000000000000..c1b6d0670a8fd4ef1d0b8d9b856a04639d5d583e
--- /dev/null
+++ b/coursework-blog/step-11/css/blog.css
@@ -0,0 +1,24 @@
+/* code listing for blog/css/blog.css */
+form#editor{
+ width: 300px;
+ margin:0px;
+ padding:0px;
+}
+
+form#editor label, form#editor input[type='text']{
+ display:block;
+}
+
+form#editor #editor-buttons{
+ border:none;
+ text-align:right;
+}
+
+form#editor textarea, form#editor input[type='text']{
+ width:90%;
+ margin-bottom:2em;
+}
+
+form#editor textarea{
+ height:10em;
+}
diff --git a/coursework-blog/step-11/index.php b/coursework-blog/step-11/index.php
new file mode 100644
index 0000000000000000000000000000000000000000..d15e46128c23bde74a1f5f5130449f4f805659a7
--- /dev/null
+++ b/coursework-blog/step-11/index.php
@@ -0,0 +1,19 @@
+<?php
+error_reporting( E_ALL );
+ini_set( "display_errors", 1 );
+
+include_once "../../../coursework_blog_config.php";
+$db = new PDO( $dbInfo, $dbUser, $dbPassword );
+$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
+
+$title = "PHP/MySQL blog demo";
+$css="css/blog.css";
+$embeddedStyle = "";
+include_once "views/header.php";
+
+include_once "controllers/blog.php";
+
+include_once "views/footer.php";
+
+?>
+
diff --git a/coursework-blog/step-11/models/Admin_Table.class.php b/coursework-blog/step-11/models/Admin_Table.class.php
new file mode 100644
index 0000000000000000000000000000000000000000..7c873c4f4c9deb9064b64c320c8c690505b64d7b
--- /dev/null
+++ b/coursework-blog/step-11/models/Admin_Table.class.php
@@ -0,0 +1,39 @@
+<?
+
+class Admin_Table extends Table {
+
+ public function create ( $email, $password ) {
+ $this->checkEmail( $email );
+ $sql = "INSERT INTO admin ( email, password )
+ VALUES( ?, SHA1(?) )";
+ $data= array( $email, $password );
+ $this->makeStatement( $sql, $data );
+ }
+
+ private function checkEmail ($email) {
+ $sql = "SELECT email FROM admin WHERE email = ?";
+ $data = array( $email );
+ $this->makeStatement( $sql, $data );
+ $statement = $this->makeStatement( $sql, $data );
+ if ( $statement->rowCount() === 1 ) {
+ $e = new Exception("Error: '$email' already used!");
+ throw $e;
+ }
+ }
+
+ public function checkCredentials ( $email, $password ){
+ $sql = "SELECT email FROM admin
+ WHERE email = ? AND password = SHA1(?)";
+ $data = array($email, $password);
+ $statement = $this->makeStatement( $sql, $data );
+ if ( $statement->rowCount() === 1 ) {
+ $out = true;
+ } else {
+ $loginProblem = new Exception( "login failed!" );
+ throw $loginProblem;
+ }
+ return $out;
+ }
+
+
+}
diff --git a/coursework-blog/step-11/models/Admin_User.class.php b/coursework-blog/step-11/models/Admin_User.class.php
new file mode 100644
index 0000000000000000000000000000000000000000..a6c2ba8958d64f452360e2c34601240f9fce1978
--- /dev/null
+++ b/coursework-blog/step-11/models/Admin_User.class.php
@@ -0,0 +1,25 @@
+<?php
+class Admin_User {
+ public function __construct(){
+ session_start();
+ }
+
+ public function isLoggedIn(){
+ $sessionIsSet = isset( $_SESSION['logged_in'] );
+ if ( $sessionIsSet ) {
+ $out = $_SESSION['logged_in'];
+ } else {
+ $out = false;
+ }
+ return $out;
+ }
+
+ public function login () {
+ $_SESSION['logged_in'] = true;
+ }
+
+ public function logout () {
+ $_SESSION['logged_in'] = false;
+ }
+
+}
diff --git a/coursework-blog/step-11/models/Blog_Entry_Table.class.php b/coursework-blog/step-11/models/Blog_Entry_Table.class.php
new file mode 100644
index 0000000000000000000000000000000000000000..9a6c81a1ecb26e5d5f7e420233735eea307fd271
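Review bot: `checkCredentials` does the comparison inside SQL with `password = SHA1(?)`, so the stored value is an unsalted digest and, with the `password VARCHAR( 32 )` column in coursework-blog.sql, a 40-character SHA1 never fits, so this login cannot succeed against the committed schema. Fetch the stored hash and verify in PHP with `password_verify`, with `create` storing `password_hash()` output; `$out` then has a value on every path instead of only in the success branch. `$statement->rowCount()` after a SELECT is also driver-dependent. The duplicated query in `checkEmail` noted on step-10's copy of this file is unchanged here.

```php
    public function checkCredentials ( $email, $password ){
        $sql = "SELECT password FROM admin WHERE email = ?";
        $data = array( $email );
        $statement = $this->makeStatement( $sql, $data );
        $storedHash = $statement->fetchColumn();
        // password_verify reads the algorithm and salt from the stored hash
        // and uses a timing-safe comparison; a missing row fails the same way
        if ( $storedHash === false || !password_verify( $password, $storedHash ) ) {
            throw new Exception( "login failed!" );
        }
        return true;
    }
```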
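Review bot: `login()` only sets `$_SESSION['logged_in'] = true` on whatever session the browser arrived with, and `logout()` only flips the flag, so the session id is never rotated on privilege change and the session data survives logout. Add `session_regenerate_id( true );` as the first line of `login()`, and have `logout()` clear and destroy: `$_SESSION = array(); session_destroy();`. `isLoggedIn()` can be reduced to `return !empty( $_SESSION['logged_in'] );`, which gives the same result for the values `login()` and `logout()` write. The constructor's unconditional `session_start()` means a second `new Admin_User()` in one request would emit a notice; worth a comment that the class is meant to be instantiated once.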
--- /dev/null
+++ b/coursework-blog/step-11/models/Blog_Entry_Table.class.php
@@ -0,0 +1,45 @@
+<?php
+class Blog_Entry_Table extends Table {
+
+
+ public function saveEntry ( $title, $entry ) {
+ $entrySQL = "INSERT INTO blog_entry ( title, entry_text ) VALUES ( ?, ?)";
+ $formData = array( $title, $entry );
+ $entryStatement = $this->makeStatement( $entrySQL, $formData );
+ return $this->db->lastInsertId();
+ }
+
+ public function getAllEntries () {
+ $sql = "SELECT entry_id, title, SUBSTRING(entry_text, 1, 150) AS intro FROM blog_entry";
+ $statement = $this->makeStatement($sql);
+ return $statement;
+ }
+
+
+ public function getEntry( $id ){
+ $sql = "SELECT entry_id, title, entry_text, date_created FROM blog_entry WHERE entry_id = ?";
+ $data = array($id);
+ $statement = $this->makeStatement( $sql, $data);
+ $model = $statement->fetchObject();
+ return $model;
+ }
+
+ public function updateEntry ( $id, $title, $entry) {
+ $sql = "UPDATE blog_entry
+ SET title = ?,
+ entry_text = ?
+ WHERE entry_id = ?";
+ $data = array( $title, $entry, $id );
+ $statement = $this->makeStatement( $sql, $data) ;
+ return $statement;
+ }
+
+ public function deleteEntry ( $id ) {
+ $sql = "DELETE FROM blog_entry WHERE entry_id = ?";
+ $data = array( $id );
+ $statement = $this->makeStatement( $sql, $data );
+ }
+
+}
+
+?>
diff --git a/coursework-blog/step-11/models/Table.class.php b/coursework-blog/step-11/models/Table.class.php
new file mode 100644
index 0000000000000000000000000000000000000000..0f5eaf1cd18b5e778762ae34c234a716c7f5f0b4
--- /dev/null
+++ b/coursework-blog/step-11/models/Table.class.php
@@ -0,0 +1,22 @@
+<?php
+class Table {
+ protected $db;
+
+
+ public function __construct ( $db ) {
+ $this->db = $db;
+ }
+
+ public function makeStatement( $sql, $data = NULL) {
+ $statement = $this->db->prepare( $sql );
+ try{
+ $statement->execute( $data );
+ } catch (Exception $e) {
+ $exceptionMessage = "<p>You tried to run this sql: $sql <p>
+ <p>Exception: $e</p>";
+ trigger_error($exceptionMessage);
+ }
+ return $statement;
+ }
+
+}
diff --git a/coursework-blog/step-11/views/admin/admin-navigation.php b/coursework-blog/step-11/views/admin/admin-navigation.php
new file mode 100644
index 0000000000000000000000000000000000000000..05a639ed7217f7d8aff2dd315526441cc5f180fa
--- /dev/null
+++ b/coursework-blog/step-11/views/admin/admin-navigation.php
@@ -0,0 +1,12 @@
+<?php
+
+$out = "
+<nav id='admin-navigation'>
+ <a href='admin.php?page=entries'>All entries</a>
+ <a href='admin.php?page=editor'>Editor</a>
+ <a href='admin.php?page=users'>Create admin user</a>
+</nav>";
+
+echo $out;
+
+?>
diff --git a/coursework-blog/step-11/views/admin/editor-html.php b/coursework-blog/step-11/views/admin/editor-html.php
new file mode 100644
index 0000000000000000000000000000000000000000..e614941c7cfbf37d4cf009076dcf31cc2c3eaffb
--- /dev/null
+++ b/coursework-blog/step-11/views/admin/editor-html.php
@@ -0,0 +1,25 @@
+<?php
+
+$out = "
+<form method='post' action='admin.php?page=editor' id='editor'>
+ <input type='hidden' name='id' value='$entryData->entry_id' />
+ <fieldset>
+ <legend>New Entry Submission</legend>
+ <label>Title</label>
+ <input type='text' name='title' maxlength='150' value='$entryData->title' required />
+
+ <label>Entry</label>
+ <textarea name='entry'>$entryData->entry_text</textarea>
+
+ <fieldset id='editor-buttons'>
+ <input type='submit' name='action' value='delete' />
+ <input type='submit' name='action' value='save' />
+ <p id='editor-message'>$entryData->message</p>
+ </fieldset>
+ </fieldset>
+</form>
+";
+
+echo $out;
+
+?>
diff --git a/coursework-blog/step-11/views/admin/entries-html.php b/coursework-blog/step-11/views/admin/entries-html.php
new file mode 100644
index 0000000000000000000000000000000000000000..2097a76b3afa1ec464ca5dccfc984d5ad63cfafe
--- /dev/null
+++ b/coursework-blog/step-11/views/admin/entries-html.php
@@ -0,0 +1,16 @@
+<?php
+
+if ( isset( $allEntries ) === false ) {
+trigger_error('views/admin/entries-html.php needs $allEntries');
+}
+
+$entriesAsHTML = "<ul>";
+while ( $entry = $allEntries->fetchObject() ) {
+ $href = "admin.php?page=editor&id=$entry->entry_id";
+ $entriesAsHTML .= "<li><a href='$href'>$entry->title</a></li>";
+}
+
+$entriesAsHTML .= "</ul>";
+echo $entriesAsHTML;
+
+?>
diff --git a/coursework-blog/step-11/views/admin/login-form-html.php b/coursework-blog/step-11/views/admin/login-form-html.php
new file mode 100644
index 0000000000000000000000000000000000000000..72af92a4f87a0824bddd2d048673ff0babc973a9
--- /dev/null
+++ b/coursework-blog/step-11/views/admin/login-form-html.php
@@ -0,0 +1,10 @@
+<?
+$out = " <form method='post' action='admin.php'>
+ <p>Login to access admin area</p>
+ <label>e-mail</label><input type='email' name='email' required />
+ <label>password</label>
+ <input type='password' name='password' required />
+ <input type='submit' value='login' name='log-in' />
+</form>";
+
+echo $out;
diff --git a/coursework-blog/step-11/views/admin/logout-form-html.php b/coursework-blog/step-11/views/admin/logout-form-html.php
new file mode 100644
index 0000000000000000000000000000000000000000..92192f1781ce25735855b375f9021c168105f2ed
--- /dev/null
+++ b/coursework-blog/step-11/views/admin/logout-form-html.php
@@ -0,0 +1,8 @@
+<?php
+$out = "
+<form method='post' action='admin.php'>
+ <label>logged in as administrator</label>
+ <input type='submit' value='log out' name='logout' />
+</form>";
+
+echo $out;
diff --git a/coursework-blog/step-11/views/admin/new-admin-form-html.php b/coursework-blog/step-11/views/admin/new-admin-form-html.php
new file mode 100644
index 0000000000000000000000000000000000000000..ca35f9f29e2bce62c2b965d123bc0cb545e7836e
--- /dev/null
+++ b/coursework-blog/step-11/views/admin/new-admin-form-html.php
@@ -0,0 +1,20 @@
+<?php
+if( isset($adminFormMessage) === false ) {
+ $adminFormMessage = "";
+}
+
+$out = "<form method='post' action='admin.php?page=users'>
+ <fieldset>
+ <legend>Create new admin user</legend>
+ <label>e-mail</label>
+ <input type='email' name='email' required/>
+ <label>password</label>
+ <input type='password' name='password' required/>
+ <input type='submit' value='create user' name='new-admin'/>
+ </fieldset>
+ <p id='admin-form-message'>$adminFormMessage</p>
+</form>";
+
+echo $out;
+
+
diff --git a/coursework-blog/step-11/views/entry-html.php b/coursework-blog/step-11/views/entry-html.php
new file mode 100644
index 0000000000000000000000000000000000000000..44c629f34b48ce2b432a58a5fe9c6b0fd8c83e80
--- /dev/null
+++ b/coursework-blog/step-11/views/entry-html.php
@@ -0,0 +1,14 @@
+<?php
+
+//check if required data is available
+$entryDataFound = isset( $entryData );
+if ( $entryDataFound === false ) {
+ trigger_error('views/entry-html.php needs an $entryData object');
+}
+//properties available in $entry: entry_id, title, entry_text, date_created
+
+echo "<article>
+ <h1>$entryData->title</h1>
+ <div class='date'>$entryData->date_created</div>
+ $entryData->entry_text
+</article>";
diff --git a/coursework-blog/step-11/views/footer.php b/coursework-blog/step-11/views/footer.php
new file mode 100644
index 0000000000000000000000000000000000000000..e7373f51428a6aa5ef1ffa5d974b7d30d633c526
--- /dev/null
+++ b/coursework-blog/step-11/views/footer.php
@@ -0,0 +1,8 @@
+<?php
+$out = "
+</body>
+</html>
+";
+
+echo $out;
+?>
diff --git a/coursework-blog/step-11/views/header.php b/coursework-blog/step-11/views/header.php
new file mode 100644
index 0000000000000000000000000000000000000000..4c5a94f334184fa5e665e83abf16d0407fc05c98
--- /dev/null
+++ b/coursework-blog/step-11/views/header.php
@@ -0,0 +1,12 @@
+<?php
+$out = "<!DOCTYPE html>
+<html>
+ <head>
+ <title>$title</title>
+ <meta http-equiv='Content-Type' content='text/html;charset=utf-8' />
+ <link rel='stylesheet' type='text/css' href='$css'>
+ <link rel='stylesheet' type='text/css' href='$embeddedStyle'>
+ </head>";
+
+echo $out;
+?>
diff --git a/coursework-blog/step-11/views/list-entries-html.php b/coursework-blog/step-11/views/list-entries-html.php
new file mode 100644
index 0000000000000000000000000000000000000000..f568bc89d29cae908caedf77b8d659b17599da94
--- /dev/null
+++ b/coursework-blog/step-11/views/list-entries-html.php
@@ -0,0 +1,24 @@
+<?php
+
+$entriesFound = isset( $entries );
+if ( $entriesFound === false ) {
+ trigger_error( 'views/list-entries-html.php needs $entries' );
+}
+
+$entriesHTML = "<ul id='blog-entries'>";
+
+while ( $entry = $entries->fetchObject() ) {
+ $href = "index.php?page=blog&id=$entry->entry_id";
+ //create an <li> for each of the entries
+ $entriesHTML .= "<li>
+ <h2>$entry->title</h2>
+ <div>$entry->intro
+ <p><a href='$href'>Read more</a></p>
+ </div>
+ </li>";
+}
+$entriesHTML .= "</ul>";
+
+echo $entriesHTML;
+
+?>